IAB Recommended Policy on Distributing Internet Identifier Assignment


and 


IAB Recommended Policy Change to Internet "Connected" Status 


Status of this Memo 


This informational RFC represents the official view of the Internet 
Activities Board (IAB), and describes the recommended policies and 
procedures on distributing Internet identifier assignments and 
dropping the connected status requirement. This RFC does not specify 
a standard. Distribution of this memo is unlimited. 


This RFC includes two recommendations from the IAB to the FNC. The
first is a "Recommended Policy on Distributing Internet Identifier 
Assignment", that is, a suggestion to distribute the function of 
assigning network and autonomous system numbers. The second is a
"Recommended Policy Change to Internet 'Connected' Status", that is,
a suggestion to drop the notion of connected status in favor of 
recording the acceptable use policy and traffic access policy for 
each network. Included in this second recommendation is the explicit
suggestion that any registered network may be entered into the DNS
database without regard to connected status. 


1. Recommendation about Internet Identifiers 


To: Chairman, Federal Networking Council 

From: Chairman, Internet Activities Board 

CC: IAB, IESG 

Subject: Recommended Policy on Distributing Internet 
Identifier Assignment 


1.1. Summary 


This document recommends procedures for distributing assignment of 
Internet identifiers (network and autonomous system numbers). 


1.2. Introduction 


Throughout its entire history, the Internet system has employed a 
central Internet Assigned Numbers Authority (IANA) for the allocation 
and assignment of various numeric identifiers needed for the 
operation of the Internet. The IANA function is performed by USC 
Information Sciences Institute. The IANA has the discretionary 
authority to delegate portions of this responsibility and, with 
respect to numeric network and autonomous system identifiers, has 
lodged this responsibility with an Internet Registry (IR). This 
function is performed by SRI International at its Network Information 
Center (DDN-NIC). 


With the rapid escalation of the number of networks in the Internet 
and its concurrent internationalization, it is timely to consider 
further delegation of assignment and registration authority on an 
international basis. It is also essential to take into consideration 
that such identifiers, particularly network identifiers of class A 
and B type, will become an increasingly scarce commodity whose 
allocation must be handled with thoughtful care. 


1.3. Proposed Method of Operation 


It is proposed to retain the centralized IANA and IR functions.
The IR would continue to be the principal registry for all network
and autonomous system numbers. It would also continue to maintain
the list of root Domain Name System servers and a database of
registered nets and autonomous systems.


In addition, however, the IR would also allocate to organizations 
approved by the Coordinating Committee for Intercontinental Research 
Networking (CCIRN) blocks of network and autonomous system numbers,
as needed, and delegate to them further assignment authority. 


It is recommended that, at least initially, the IR serve as the 
default registry in cases where no delegated registration authority 
has been identified. 


Copies of the aggregate Internet registration database(s) should be 
maintained by the IR and copies provided to each delegated registry 
to improve redundancy and access to this information. Updates to the 
database, however, would still be centralized at the IR with complete 
copies redistributed by file transfer or other means on a timely 
basis. 


It is recommended that candidate delegated registries meet with the
IANA and IR to review operational procedures and requirements and to
produce documentation to be issued as RFCs describing the details of 
the proposed distributed mode of operation. 


It is recommended that host Domain Name registration continue in its 
present form which already accommodates distribution of this 
function. 


2. Recommendation about Connected Status 


To: Chairman, Federal Networking Council (FNC) 

From: Chairman, Internet Activities Board 

CC: IAB, IESG 

Subject: Recommended Policy Change to Internet "Connected" Status 


2.1. Summary 


This memorandum recommends a change in the current policy for 
associating "connected" status to a subset of networks which have 
been assigned an Internet identifier. 


2.2. Introduction 


In the following, the term Internet Assigned Number Authority (IANA) 
refers to the organization which has primary authority to allocate 
and assign numeric identifiers required for operation of the 
Internet. This function is presently performed by USC Information 
Sciences Institute. The term Internet Registry (IR) refers to the 
organization which has the responsibility for gathering and 
registering information about networks to which identifiers (network 
numbers, autonomous system numbers) have been assigned by the IR. At 
present, SRI International serves as the IR. 


Attachments (1) and (2) outline the rationale for and implications of
changing the current policy for associating "connected" status with 
only a subset of networks which have been assigned Internet 
identifiers. 


2.3. Recommendations 


The following actions are recommended: 


1. The Internet Registry should be instructed to drop all 
reference to "connected" status in its databases and in its forms 
for Internet network and autonomous system registration. 


2. The Internet Registry should be instructed to request brief 
statements of acceptable network usage, access and transit policy 
for external traffic (i.e., traffic entering from or exiting to 
other networks) from each applicant for a network or autonomous 
system identifier. For example, some networks conform to the 
National Science Foundation acceptable use guidelines; other 
networks will carry any traffic (e.g., common carriers); others 
may prohibit transit use. Retrospective statements should be 
gathered by the IR for networks already registered. Such 
statements should be made available on-line and widely publicized. 


3. The Internet Registry should be instructed to allow any 
registered networks to be entered into the Domain Name Server 
database without regard to "connected" status. 


Attachment: (1) Recommendation for replacement of "Connected" Status 
(2) Recommendation on DNS and Connectivity 


2.a.1. Attachment 1 

Recommendation for Replacement of "Connected" Status 

2.a.1.1. Summary


A revision of the current Internet procedures controlling connection
to the Internet is recommended to solve urgent problems caused by 
Internet growth both in the US and internationally. The 
recommendation involves relaxation of the present "connected" status 
rule and the creation of a policy database to guide network 
administrators. 


2.a.1.2. Background 


With the demise of the ARPANET and the growth of a global Internet, 
the administration and registration of Internet network numbers has 
outgrown its initially conceived client base: military, government
and government-sponsored research organizations. Since the
international growth has extended the Internet community to industry 
and a broad range of academic and research institutions, we must re- 
evaluate some of the criteria for assignment and use of Internet 
network numbers. 


In the early phases of the Internet research project, numbers were 
assigned only to networks of organizations that were participating in 
the research effort. Later, as the system became more stable and 
expanded into a widespread infrastructure, other organizations with 
networks were assigned network numbers and allowed to interconnect if 
they were parts of the U.S. Government or sponsored by a Government 
organization. To ensure global uniqueness, a single Internet 
Registry (IR) was designated: the Defense Data Net Network 
Information Center (DDN-NIC) at SRI International. 


As the Internet protocols became popular in the commercial 
marketplace, many organizations purchased and installed private 
networks that needed network number assignments but were not intended 
to be connected to the federally-sponsored system. The IR adopted a 
policy of assigning network numbers to all who requested them, while 
distinguishing networks permitted to link to the global Internet by 
assigning them "connected" status. Essentially, this meant that the 
network to which the number was assigned had the sanction of a U.S. 
Government sponsoring organization to link to the Internet. 


The present day Internet encompasses networks that serve as 
intermediaries to access the federally-sponsored backbones. Many of 
these intermediate networks were initiated under the sponsorship of 
the National Science Foundation. Some have been founded without 
federal assistance as consortia of using organizations. The 
Government has expressed a desire that all such networks be self- 
supporting, without the need for federal subsidy. To achieve this 
goal, it has been essential for the intermediate networks to support 
an increasingly varied range of users. A great many industrial 
participants can be found on the intermediate level networks. Their 
use of the federally-sponsored backbones is premised on the basis 
that the traffic is in support of academic, scholarly or other 
research work. The criteria for use of the intermediate level
networks alone are sometimes more relaxed and, in the cases of the
newly-formed commercial networks, there are no restrictions at all. 


In essence, each network needs to be able to determine, on the basis 
of its own criteria, with which networks it will interconnect and for 
which networks it will support transit service. There is no longer a 
simple binary correlation between "connected" status and acceptable 
use policy. The matter becomes even more complex as we contemplate 
the large and growing number of non-U.S. networks joining the global
Internet. It is inappropriate to require that all of these networks 
adhere to U.S. access and use criteria; rather, it can only be 
required that the traffic they send through the federally-sponsored 
networks be consistent with the federal criteria. 


2.a.1.3. Recommendation 


Since the concept of a single, global "connected" status is no longer
meaningful, it is recommended that it be retired and that new
characteristics be defined that could be used by networks within the
Internet to determine a specific network's eligibility to communicate
with other networks.


Some attributes which might be useful to track and could be used as 
criteria to determine the acceptability of Internet traffic for 
routing purposes include: 


1) Country codes 


2) Conformance to acceptable use policy for: 
NSFNET, MILNET, NSI, ESnet, NORDUnet, 


To implement this idea, the IR would update the current Internet- 
Number-Template to query applicants for the necessary information. 
This information would then be collected in a database containing, 
for instance, a matrix of network numbers over policies. Note that 
the policies might be presented in narrative form. In addition, the 
usage policies of the various networks must be publicly available so 
that applicants and other interested parties can be advised of policy 
issues as they relate to various networks. 


Under this proposal, the IR would be charged with the registration 
and administration of the Internet number space but not with the 
enforcement of policy. The IR should collect enough information to 
permit network administrators to make intelligent decisions as to the 
acceptability of traffic destined to or from each and every 
legitimate Internet number. Enforcement of policies is discussed 
below. 


At a later step, we anticipate that it will be desirable to 
distribute the IR function among multiple centers, e.g., with centers 
on different continents. This should be straight-forward once the IR 
function is divorced from policy enforcement. 


2.a.1.4. Discussion


It is already true in the current Internet that there are 
restrictions on certain traffic on particular networks. For example, 
two intermediate level networks that are willing to carry arbitrary 
traffic can link with each other but are barred from passing 
commercial traffic or any other traffic that is not for academic or 
scholarly purposes across the federally-sponsored backbones. 


Routing of traffic based upon acceptable-use policies requires a 
technical ability known as "policy-based routing" (PBR). At the 
present time, the PBR mechanism available in the Internet operates at
the level of an entire network; all users and hosts on a network are
subject to the same routes for a given destination. Using this PBR 
mechanism, a network maintains routes (and provides transit services) 
only for networks with compatible use policies. For an intermediate 
level network, for example, the routing decisions must be made on the 
basis of the network numbers assigned to the organizations; some 
might be considered to have traffic conformant with federal use 
policies and some might not. 


Although it is much more fine-grained than the current "on or off" 
rule of connected status, the use of PBR based on networks is still a 
very coarse measure of control. Since the decision on acceptability 
is made at the network level, one has to assign a set of 
characteristics to all traffic emanating from or entering into a 
given network to make this access control strategy work. Strict 
application of such controls could prevent a commercial organization 
from legitimately sending research or scholarly data across the 
federal backbone (e.g., IBM needs to communicate with MCI and MERIT 
about NSFNET, but other parts of IBM may need to communicate on 
commercial matters). Organizations with a variety of uses might have 
to artificially define several networks with which to associate 
different use policies. 


The practical result is that in order to support desirable usage 
patterns, government-sponsored networks will sometimes have to depend 
upon self-policing by traffic sources, rather than upon strict 
mechanical enforcement of acceptable use policies. Higher certainty 
on usage will have a cost in terms of limiting desirable access. 


An important project now underway in the Internet Engineering Task 
Force (IETF) is developing a more general mechanism for PBR that will 
allow control at the level of individual hosts and possibly even
users. It will give an end host or user the ability to select routes,
taking into consideration issues such as cost, performance and 
reliability of the transit networks. 


2.a.2. Attachment 2


IAB Policy Recommendation on DNS and Connectivity


The Internet Domain Name system (DNS) is an essential part of the 
networking infrastructure. It establishes a global distributed 
database for mapping host names into IP addresses and for delivering 
electronic mail. Its efficient and reliable functioning is vital to 
nearly all Internet users. 


Some DNS operations depend upon the existence of a complete database 
at certain "root" servers, in particular at the Internet Registry
(IR) located at the Defense Data Net Network Information Center at
SRI International (DDN-NIC). The past policy has been to tie 
inclusion in this database to approval of Internet interconnection by 
a U.S. Government agency. This "connected" status restriction is no 
longer viable, and recommendations for its replacement have been put 
forward. 


In any case, we believe that the DNS database is not the proper 
architectural level for enforcement of administrative access 
restrictions, e.g., controls over the announcement of networks in the 
routing protocols. 


The Internet Activities Board (IAB) therefore strongly endorses the
following recommendation from the Federal Engineering Planning Group
to the Federal Networking Council, to provide DNS service regardless 
of access control policies: 


"There has been a great deal of discussion about domain 
nameservers, the IN-ADDR domain, and "connected" status as the 
Internet has grown to include many more nations than just the 
United States. As we move to a more global Internet, it seems 
like it would be a good idea to re-evaluate some of the rules that 
have governed the naming and registration policies that exist. 


The naming and routing should be completely decoupled. In 
particular, it should be possible to register both a name/domain, 
as well as address servers within the IN-ADDR domain, independent 
of whether the client has "connected" status or not. This should 
be implemented immediately by the IR at the DDN-NIC. No U.S. 
Government sponsor should be required for domain name/address 
registration." 


Security Considerations 


Security issues are not addressed in this memo. 